diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index e1c0eb65d1..24daff9278 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -19,6 +19,8 @@ This section provides details around {{kib}} and {{es}} configuration when runni Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK: +* [**Users and roles**](/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md): Learn how to work with managed credentials, create custom users, and configure authentication realms. + * [**Access services**](accessing-services.md): Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs. * [**Customize Pods**](customize-pods.md): Learn how to adapt the `podTemplate` field to your needs. diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md index ffe24d25f5..c83dab7d3f 100644 --- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md +++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md 
@@ -36,13 +36,13 @@ kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | If your prefer to manage all users via SSO, for example using [SAML Authentication](../../../deploy-manage/users-roles/cluster-or-deployment-auth/saml.md) or OpenID Connect, you can disable the default `elastic` superuser by setting the `auth.disableElasticUser` field in the {{es}} resource to `true`: -```yaml +```yaml subs=true apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch-sample spec: - version: 8.16.1 + version: {{version.stack}} auth: disableElasticUser: true nodeSets: 
@@ -72,3 +72,31 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true ::::{warning} This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace. :::: + +## Creating custom users + +{{eck}} provides functionality to facilitate custom user creation through various authentication realms. You can create users using the native realm, file realm, or external authentication methods. + +### File realm + +ECK supports creating users through Kubernetes secrets referenced in the {{es}} resource. These secrets can contain either file realm content or standard authentication credentials with a username and password. + +For more information, refer to [File-based user authentication > Add users](/deploy-manage/users-roles/cluster-or-deployment-auth/file-based.md#add-users), and check the ECK examples. + +### Native realm + +You can create custom users in the {{es}} native realm using {{es}} user management APIs or {{kib}}. + +Refer to [Native user authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md) for more details. + +### External authentication realms + +You can also configure external authentication realms such as LDAP, OpenID Connect, or SAML in your ECK deployments by providing the appropriate {{es}} or {{kib}} configuration settings and any required [certificates or configuration files](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md). + +For more information, refer to [External authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/external-authentication.md). + +## Creating custom roles + +ECK facilitates file-based role management through Kubernetes secrets containing the roles specification. Alternatively, you can use the Role management API or the Role management UI in {{kib}}. + +Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples. 
\ No newline at end of file
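Review bot: In the configure-deployments.md hunk (`@@ -19,6 +19,8 @@`), the new bullet is labelled "Users and roles", but its description only mentions managed credentials, custom users and authentication realms. The target page gains a "Creating custom roles" section in this same patch, so the description should mention roles as well, for example "create custom users and roles". The link also uses a root-absolute path (`/deploy-manage/users-roles/...`), while the neighbouring bullets use relative links (`accessing-services.md`, `customize-pods.md`). Confirm that both forms resolve in the docs build, or state which one is preferred for cross-directory links.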
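Review bot: In the managed-credentials-eck.md hunk at `@@ -36,13 +36,13 @@`, the sentence introducing the `auth.disableElasticUser: true` example does not say that another administrative login must already work before the `elastic` superuser is disabled. Since the fence is being touched anyway, add one sentence stating that the SSO realm (or another user with equivalent privileges) should be configured and verified first. Otherwise a reader who applies the sample as written can lose administrative access. The same context line has a typo, "If your prefer", which should read "If you prefer". The change from `8.16.1` to `{{version.stack}}` depends on the `subs=true` fence attribute added in the same hunk, so the two must stay together if the block is copied elsewhere.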
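Review bot: In the managed-credentials-eck.md hunk at `@@ -72,3 +72,31 @@`, the "File realm" paragraph says secrets are "referenced in the {{es}} resource" but never names the field that references them, and "check the ECK examples" links to nothing. The roles section has the same problem with "ECK based examples". Either link directly to the anchors that hold those examples or name the field here, so the reader does not have to hunt through the target pages. Because these secrets hold "a username and password", a sentence about restricting read access to them would fit here. Earlier in this file, a `kubectl get secret` command is enough to read the `elastic` credentials. Smaller points: the added text mixes `{{eck}}` (first paragraph) with literal "ECK" (everywhere else) and should use one form consistently, "ECK based" should be "ECK-based", and the file now ends without a trailing newline.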